Cisco Secure Web Appliance Installation guide

Type
Installation guide
Cisco Systems, Inc.
www.cisco.com
Cisco Content Security
Virtual Appliance Installation Guide
Last Updated: May 5, 2021
Contents
About Cisco Content Security Virtual Appliances, page 1
System Requirements, page 7
Prepare the Content Security Image and Files, page 12
Deploy on Microsoft Hyper-V, page 14
If DHCP Is Disabled, Set Up the Appliance on the Network (Microsoft Hyper-V), page 15
Deploy on KVM, page 15
Deploy on VMWare ESXi, page 19
If DHCP Is Disabled, Set Up the Appliance on the Network (VMware vSphere), page 22
Amazon Web Services (AWS) EC2 Deployments, page 22
Managing Your Cisco Content Security Virtual Appliance, page 25
Troubleshooting and Support, page 27
Additional Information, page 30
About Cisco Content Security Virtual Appliances
Cisco content security virtual appliances function the same as physical email security, web security, or
content security management hardware appliances, with only a few minor differences, which are
documented in Managing Your Cisco Content Security Virtual Appliance, page 25.
2
Cisco Content Security Virtual Appliance Installation Guide
About Cisco Content Security Virtual Appliances
Supported Virtual Appliance Models and AsyncOS Releases for Hyper-V
Deployments
Product
AsyncOS
Release Model
Recommended
Disk Size
Supported
Disk Sizes RAM
Processor
Cores
Cisco Web
Security Virtual
Appliance
AsyncOS 12.5
and later
S100V 250 GB 200 GB
250 GB
8 GB 3
S300V 1024 GB 500 GB
750 GB
1.0 TB
12 GB 5
S600V 1024 GB 750 GB
1.0 TB
1.5 TB
2.0 TB
2.4 TB
24 GB 12
AsyncOS 12.0 S100V 250 GB 200 GB
250 GB
8 GB 3
S300V 1024 GB 500 GB
750 GB
1.0 TB
8 GB 4
S600V 1024 GB 750 GB
1.0 TB
1.5 TB
2.0 TB
2.4 TB
24 GB 12
3
Cisco Content Security Virtual Appliance Installation Guide
About Cisco Content Security Virtual Appliances
Supported Virtual Appliance Models and AsyncOS Releases for KVM
Deployments
Product
AsyncOS
Release Model
Recommended
Disk Size
Supported
Disk Sizes RAM
Processor
Cores
AsyncOS 11.7
and later
S100V 250 GB 200 GB
250 GB
6 GB 2
S300V 1024 GB 500 GB
750 GB
1.0 TB
8 GB 4
S600V 1024 GB 750 GB
1.0 TB
1.5 TB
2.0 TB
2.4 TB
24 GB 12
AsyncOS 11.0
and later
S100V 250 GB - 6 GB 2
S300V 1024 GB - 8 GB 4
S600V 1024 GB - 24 GB 12
Product AsyncOS Release Model
Recommended
Disk Size RAM
Processor
Cores
Cisco Email Security
Virtual Appliance
AsyncOS 13.0
and later
AsyncOS 12.0
and later
AsyncOS 11.0
and later
AsyncOS 10.0.1
and later
C000V (For
evaluation and
demonstration
only)
200 GB 4 GB 1
C100V 200 GB 6 GB 2
C300V 500 GB 8 GB 4
C600V 500 GB 8 GB 8
4
Cisco Content Security Virtual Appliance Installation Guide
About Cisco Content Security Virtual Appliances
Product
AsyncOS
Release Model
Recommended
Disk Size
Supported
Disk Sizes RAM
Processor
Cores
Cisco Web
Security Virtual
Appliance
AsyncOS 12.5
and later
S100V 250 GB 200 GB
250 GB
8 GB 3
S300V 1024 GB 500 GB
750 GB
1.0 TB
12 GB 5
S600V 1024 GB 750 GB
1.0 TB
1.5 TB
2.0 TB
2.4 TB
24 GB 12
AsyncOS 12.0 S100V 250 GB 200 GB
250 GB
8 GB 3
S300V 1024 GB 500 GB
750 GB
1.0 TB
8 GB 4
S600V 1024 GB 750 GB
1.0 TB
1.5 TB
2.0 TB
2.4 TB
24 GB 12
AsyncOS 11.7
and later
S100V 250 GB 200 GB
250 GB
6 GB 2
S300V 1024 GB 500 GB
750 GB
1.0 TB
8 GB 4
S600V 1024 GB 750 GB
1.0 TB
1.5 TB
2.0 TB
2.4 TB
24 GB 12
AsyncOS 10.1
and later
S600V 1024 GB - 24 GB 12
AsyncOS 8.6
and later
S100V 250 GB - 6 GB 2
S300V 1024 GB - 8 GB 4
5
Cisco Content Security Virtual Appliance Installation Guide
About Cisco Content Security Virtual Appliances
Virtual Appliance Models for VMWare ESXi Deployments
Note Except as explicitly stated in the AsyncOS documentation, modifications to the ESXi
configurations defined in the OVF are not supported.
Cisco Content Security virtual appliance OVF images have been pre-configured with the values in the
following table.
Product Model Disk Space Memory
Processor
Cores
Cisco Email Security Virtual Appliance C000V
(For evaluation and
demonstration only)
200 GB 4 GB 1
C100V 200 GB 6 GB 2
C300V 500 GB 8 GB 4
C600V 500 GB 8 GB 8
Product Model Disk Space Memory
Processor
Cores
Cisco Content Security Management Virtual
Appliance
M000V
(For evaluation and
demonstration only)
250 GB 4 GB 1
M100V 250 GB 6 GB 2
M300V 1024 GB 8 GB 4
M600V 2032 GB 8 GB 8
6
Cisco Content Security Virtual Appliance Installation Guide
About Cisco Content Security Virtual Appliances
Product
AsyncOS
Release Model
Recommended
Disk Size
Supported
Disk Sizes RAM
Processor
Cores
Cisco Web
Security Virtual
Appliance
AsyncOS 12.5
and later
S100V 250 GB 200 GB
250 GB
8 GB 3
S300V 1024 GB 500 GB
750 GB
1.0 TB
12 GB 5
S600V 1024 GB 750 GB
1.0 TB
1.5 TB
2.0 TB
2.4 TB
24 GB 12
AsyncOS 12.0 S100V 250 GB 200 GB
250 GB
8 GB 3
S300V 1024 GB 500 GB
750 GB
1.0 TB
8 GB 4
S600V 1024 GB 750 GB
1.0 TB
1.5 TB
2.0 TB
2.4 TB
24 GB 12
7
Cisco Content Security Virtual Appliance Installation Guide
System Requirements
AsyncOS version requirements are described in Supported VMWare ESXi Hypervisors, page 10.
System Requirements
Microsoft Hyper-V Deployments, page 8
KVM Deployments, page 8
VMWare ESXi Deployments, page 10
Product
AsyncOS
Release Model
Recommended
Disk Size
Supported
Disk Sizes RAM
Processor
Cores
AsyncOS 11.7
and later
S100V 250 GB 200 GB
250 GB
6 GB 2
S300V 1024 GB 500 GB
750 GB
1.0 TB
8 GB 4
S600V 1024 GB 750 GB
1.0 TB
1.5 TB
2.0 TB
2.4 TB
24 GB 12
AsyncOS 10.1
and later
S600V 1024 GB 750 GB
1.0 TB
1.5 TB
2.0 TB
2.4 TB
24 GB 12
AsyncOS 8.6
and later
S100V 250 GB - 6 GB 2
S300V 1024 GB - 8 GB 4
8
Cisco Content Security Virtual Appliance Installation Guide
System Requirements
Microsoft Hyper-V Deployments
Supported Microsoft Hyper-V and host operating systems
Hardware Requirements for Microsoft Hyper-V Deployments
Cisco UCS servers blade M3, M4 servers and later are the only supported hardware platforms.
KVM Deployments
The following are the qualified environments for KVM deployments. All deployments use thin
provisioning for disk storage.
Red Hat Enterprise Linux Server
Host OS:
Red Hat Enterprise Linux Server 7.0
(Red Hat Enterprise Virtualization and Red Hat OpenStack platform are NOT supported.)
Version Info:
Linux: 3.10.0-123.13.2.el7.x86_64
libvirt/QEMU:
Compiled against library: libvirt 1.1.1
Using library: libvirt 1.1.1
Using API: QEMU 1.1.1
Running hypervisor: QEMU 1.5.3
Hardware:
Supported on: UCS C Series 220 and 240 M3 and later
Redhat 7.0 certified UCS Platforms:
https://catalog.redhat.com/hardware/servers/search?p=1&c_version=Red%20Hat%20Enterprise%
20Linux%207&c_catalog_vendor=Cisco
AsyncOS Version Hyper-V
AsyncOS 11.0 (Web) and later Hyper-V version 5.0
9
Cisco Content Security Virtual Appliance Installation Guide
System Requirements
Ubuntu Server
Host OS:
Ubuntu Server 14.04.1 LTS (latest update)
Version Info:
Linux: 3.13.0-43-generic
Virsh/QEMU
Compiled against library: libvirt 1.2.2
Using library: libvirt 1.2.2
Using API: QEMU 1.2.2
Running hypervisor: QEMU 2.0.0
Hardware:
Supported on: UCS C Series 220 and 240 M3 and later
Ubuntu 14.04 Certified UCS Platform:
https://certification.ubuntu.com/server/models?query=&vendors=Cisco+UCS&release=14.04+LTS
KVM Drivers
Supported KVM drivers:
CDROM: IDE CDROM
Network: E1000, Virtio
Disk: VirtIO
KVM Packages
Required/related KVM packages to be installed on the host:
qemu-kvm
qemu-img
libvirt
libvirt-python
libvirt-client
virt-manager (requires X-windows)
virt-install
10
Cisco Content Security Virtual Appliance Installation Guide
System Requirements
VMWare ESXi Deployments
Supported VMWare ESXi Hypervisors
Other VMware hypervisors are supported on a “Best Effort” basis: Cisco will try to help you, but it may
not be possible to reproduce all problems, and Cisco cannot guarantee a solution.
AsyncOS Version VMWare ESXi Version
AsyncOS (Email)
AsyncOS 14.0.x 6.7
AsyncOS 13.7.x 6.5 and 6.7
AsyncOS 13.5.x 6.5 and 6.7
AsyncOS 13.0. x 6.5 and 6.7
AsyncOS 12.0 6.5 and 6.7
AsyncOS 11.1 6.5
AsyncOS 11.0 6.5
AsyncOS 10.x 6.5
AsyncOS 9.x 6.5
AsyncOS (Management)
AsyncOS 14.0.x 6.7
AsyncOS 13.8.x 6.7
AsyncOS 13.6.2 6.7
AsyncOS 13.5.x 6.5
AsyncOS 13.x 6.5
AsyncOS 12.x 6.5
AsyncOS 11.5.1 6.5
AsyncOS 11.x 6.5
AsyncOS 10.x 6.5
AsyncOS 9.x 6.5
AsyncOS (Web)
AsyncOS 12.5.x 6.5 and 6.7
AsyncOS 12.0.x 6.5 and 6.7
AsyncOS 11.8.1 and later 6.5 and 6.7
AsyncOS 11.8.0 6.5
AsyncOS 11.7.x 6.5
AsyncOS 11.5.x 6.5
AsyncOS 10.x 6.5
11
Cisco Content Security Virtual Appliance Installation Guide
System Requirements
Hardware Requirements for VMWare ESXi Deployments
Cisco UCS servers (blade or rack-mounted) are the only supported hardware platform.
Minimum requirements for the server hosting your virtual appliances:
Two 64-bit x86 processors of at least 1.5 GHz each
8 GB of physical RAM
A 10k RPM SAS hard drive disk
Other hardware platforms are supported on a “Best Effort” basis: we will try to help you, but it may not
be possible to reproduce all problems, and we cannot guarantee a solution.
Note Except as explicitly stated in the documentation, Cisco does not support the alteration of the Cisco
Content Security virtual appliance’s hardware configuration, such as removing IP interfaces or changing
the appliance’s CPU cores or RAM size. The appliance may send alerts if such changes are made.
Note VMWare ESXi 6.7 deployment is supported on Cisco UCS M4 and M5 chassis servers with AsyncOS
11.8.1-023 and later (for Web Security appliances).
(Hosted Email Security Only) Deployment in FlexPod Solutions
For AsyncOS for Email release 8.5 and later:
For more information about deploying a virtual Email Security appliance as part of a FlexPod solution,
see
http://www.cisco.com/c/dam/en/us/products/collateral/security/email-security-appliance/white-paper-c
11-731731.pdf. Your CCO login determines whether you have access to this document.
For general information about FlexPod, see http://www.cisco.com/en/US/netsol/ns1137/index.html.
FlexPod does not apply to virtual Web Security appliance or virtual Content Security Management
appliance deployments.
12
Cisco Content Security Virtual Appliance Installation Guide
Prepare the Content Security Image and Files
Prepare the Content Security Image and Files
Determine the Best-Sized Virtual Appliance Image for Your Deployment
Determine the best-sized virtual appliance image for your needs. See the data sheet for your products,
available from the following locations:
Download the Cisco Content Security Virtual Appliance Image
Before You Begin
Obtain a license from Cisco for your virtual appliance.
See Determine the Best-Sized Virtual Appliance Image for Your Deployment, page 12.
Step 1 Go to the Cisco Download Software page for your virtual appliance:
For email security:
https://software.cisco.com/download/release.html?mdfid=284900944&flowid=41782&softwareid
=282975113&release=9.1.0&relind=AVAILABLE&rellifecycle=ED&reltype=latest
For web security:
https://software.cisco.com/download/release.html?mdfid=284806698&flowid=41610&softwareid
=282975114&release=10.1.0&relind=AVAILABLE&rellifecycle=&reltype=latest
For content security management:
https://software.cisco.com/download/release.html?mdfid=286283259&flowid=72402&softwareid
=286283388&release=9.0&relind=AVAILABLE&rellifecycle=GD&reltype=latest
Step 2 In the left navigation pane, select an AsyncOS version.
Step 3 Click Download for the virtual appliance model image you want to download.
Step 4 Save the image to your local machine.
Appliance Link to Data Sheet
ESA Look for the “Cisco Email Security Appliance Data Sheet” link on this page:
http://www.cisco.com/c/en/us/products/security/email-security-appliance/datashe
et-listing.html.
In the data sheet, look for the table titled “Email Security Virtual Appliance
Specifications.”
WSA Look for the "Cisco Web Security Appliance Data Sheet" link on this page:
http://www.cisco.com/c/en/us/products/security/web-security-appliance/datashee
t-listing.html.
In the data sheet, look for the table titled "Cisco WSAV."
SMA Look for the "Cisco Content Security Management Appliance Data Sheet" link on
this page:
http://www.cisco.com/c/en/us/products/security/content-security-management-ap
pliance/datasheet-listing.html.
In the data sheet, look for the table titled "Cisco SMAV."
13
Cisco Content Security Virtual Appliance Installation Guide
Prepare the Content Security Image and Files
Related Topics
Deploy on Microsoft Hyper-V, page 14
Deploy on KVM, page 15
Deploy on VMWare ESXi, page 19
Prepare the License and Configuration Files to Load at Startup (KVM
Deployments)
This feature was introduced in AsyncOS 8.6 for Cisco Web Security Appliances. It is not available for
other content security appliances or in other AsyncOS releases.
You can automatically load the Cisco Content Security Virtual Appliance license and configuration files
the first time the Cisco appliance starts. (These files will not load after the first startup.)
Step 1 Obtain and name your license and/or configuration files:
Configuration file: config.xml
License file: license.xml
Step 2 Create an ISO image that contains one or both of these files.
What To Do Next
When you deploy the AsyncOS.QCOW image, you will attach the ISO as a virtual CD-ROM drive to the
virtual machine instance.
After startup, you can check the status log on your Cisco virtual appliance. Error messages related to this
functionality include the keyword zero. You must log into the appliance, and use the tail command
from the CLI. For more information, see the “Web Security Appliance CLI Commands” topic in the
“Command Line Interface” chapter in the user guide.
Related Topics
Deploy on KVM, page 15
14
Cisco Content Security Virtual Appliance Installation Guide
Deploy on Microsoft Hyper-V
Deploy on Microsoft Hyper-V
Note The following are the limitations for virtual Web Security appliances (with FreeBSD 10.x) deployed on
Microsoft Hyper-V generation 1 platform:
It is not possible to modify the virtual appliance interfaces using the etherconfig CLI command.
The ifconfig CLI command displays the virtual appliance interface status as Unknown or Simplex
even though it runs on Duplex mode.
However, there is no impact on the performance of the appliance due to the above limitations.
Action More Information
1. Review the Release Notes for your
AsyncOS release.
Release Notes are available from the locations in Additional
Information, page 30.
2. Download the virtual appliance
image and MD5 hash from Cisco.
You will need the MD5 hash to check the data integrity of the
appliance image.
Prepare the Content Security Image and Files, page 12.
3. Deploy the virtual appliance on
Hyper-V.
a. Set up the Windows Server Operating System. Ensure
that you have installed the required Hyper-V roles. See
System Requirements, page 7 for more information.
b. Download the image as described in Prepare the Content
Security Image and Files, page 12.
c. Using the Hyper-V Manager, install the virtual appliance
image using the New Virtual Machine Wizard.
d. Complete the wizard.
e. Edit the processor settings in the Hyper-V Manager. See
Determine the Best-Sized Virtual Appliance Image for
Your Deployment, page 12 to check for the number of
processors and NICs required.
4. If DHCP is disabled, set up the
appliance on your network.
If DHCP Is Disabled, Set Up the Appliance on the Network
(Microsoft Hyper-V), page 15
5. Install the license file Install the Virtual Appliance License File, page 22.
6. Log into the web UI of your
appliance and configure the
appliance software as you would
do for a physical appliance.
For example, you can:
Run the System Setup Wizard
Upload a configuration file
Manually configure features
and functionality.
For instructions on accessing and configuring the appliance,
including gathering required information, see the online help
or user guide for your AsyncOS release, available from the
relevant location in Additional Information, page 30.
To migrate settings from a physical appliance, see the release
notes for your AsyncOS release.
Feature keys are not activated until you enable the respective
features.
15
Cisco Content Security Virtual Appliance Installation Guide
Deploy on KVM
If DHCP Is Disabled, Set Up the Appliance on the Network (Microsoft Hyper-V)
Note If you cloned the virtual security appliance image, perform the following steps for each image.
Step 1 From the Hyper-V manager console, run interfaceconfig.
Step 2 Write down the IP address of the virtual appliance’s Management port.
Note The Management port obtains its IP address from your DHCP server. If the appliance cannot
reach a DHCP server, it will use 192.168.42.42 by default.
Step 3 Configure the default gateway using the setgateway command.
Step 4 Commit the changes.
Note The hostname does not update until after you have completed the setup wizard.
Deploy on KVM
Action More Information
Step 1 Ensure that your equipment and
software meet all system
requirements.
See System Requirements, page 7 and the documentation for the
products and tools that you will use.
Step 2 Review the Release Notes for your
AsyncOS release.
Release Notes are available from the locations in Additional
Information, page 30.
Step 3 Set up the UCS server, host OS,
and KVM.
See the documentation for the products and tools you will use.
Step 4 Download the virtual content
security appliance image.
See Download the Cisco Content Security Virtual Appliance
Image, page 12.
Step 5 Ensure that the Cisco image is
compatible with your deployment.
See Ensure Virtual Appliance Image Compatibility With Your
KVM Deployment, page 16
Step 6 (Optional) Prepare an ISO file that
includes the license and
configuration files to
automatically load at startup.
See Prepare the License and Configuration Files to Load at
Startup (KVM Deployments), page 13.
Step 7 Determine the amount of RAM
and the number of CPU cores to
allocate to your virtual appliance
model.
See Supported Virtual Appliance Models and AsyncOS Releases
for KVM Deployments, page 3.
16
Cisco Content Security Virtual Appliance Installation Guide
Deploy on KVM
Ensure Virtual Appliance Image Compatibility With Your KVM Deployment
The qcow version of our image is not compatible with QEMU versions lower than 1.1. If your QEMU
version is lower than 1.1, you must convert the image to make it compatible with your deployment.
Deploy the Virtual Appliance Using Virtual Machine Manager
Step 1 Launch the virt-manager application.
Step 2 Select New.
Step 3 Enter a unique name for your virtual appliance.
Step 4 Select Import existing image.
Step 5 Select Forward.
Step 6 Enter options:
OS Type: UNIX.
Version: FreeBSD 8.X
Step 7 Browse to and select the virtual appliance image that you downloaded.
Step 8 Select Forward.
Step 9 Enter RAM and CPU values for the virtual appliance model you are deploying.
Step 8 Deploy the virtual content security
appliance image.
Use one of the following methods:
Deploy the Virtual Appliance Using Virtual Machine
Manager, page 16
Deploy the Virtual Appliance Using virt-install: Example,
page 17
Step 9 If you will deploy the High
Availability feature introduced in
AsyncOS 8.5 for Cisco Web
Security Appliances, configure the
host to support this feature.
See (Optional) Configure the Virtual Interface to Support High
Availability, page 18.
Step 10 If you did not configure the system
to load license and configuration
files at first startup:
Install the virtual appliance
license file
Install feature licenses
Configure your Cisco content
security virtual appliance.
To install the virtual appliance license file, see Amazon Web
Services (AWS) EC2 Deployments, page 22
To install feature licenses and configure the appliance, see
the User Guide or online help for your AsyncOS release.
Step 11 Configure the appliance to send
alerts when license expiration
nears.
See the online help or user guide for your AsyncOS release.
Action More Information
17
Cisco Content Security Virtual Appliance Installation Guide
Deploy on KVM
See Supported Virtual Appliance Models and AsyncOS Releases for KVM Deployments, page 3.
Step 10 Select Forward.
Step 11 Select the Customize check box.
Step 12 Select Finish.
Step 13 Configure the disk drive:
a. In the left pane, select the drive.
b. Under Advanced options, select options:
Disk bus:Virtio.
Storage format: qcow2
c. Select Apply.
Step 14 Configure the network device for the management interface:
a. In the left pane, select a NIC.
b. Select options:
Source Device: Your management vlan
Device model: virtIO
Source mode: VEPA.
c. Select Apply.
Step 15 Configure network devices for four additional interfaces (WSA only):
Repeat the previous set of substeps for each interface you will use.
Step 16 If you prepared an ISO image with the license and configuration files to be loaded at startup:
Attach the ISO as a virtual CD-ROM drive to the Virtual Machine instance.
Step 17 Select Begin Installation.
Related Topics
Deploy on KVM, page 15
Deploy the Virtual Appliance Using virt-install: Example
Before You Begin
Determine the amount of RAM and number of CPU cores needed for your appliance. See Supported
Virtual Appliance Models and AsyncOS Releases for KVM Deployments, page 3.
Procedure
Step 1 Create the storage pool where your virtual appliance will reside:
virsh pool-define-as --name vm-pool --type dir --target /home/username/vm-pool
virsh pool-start vm-pool
Step 2 Copy the virtual appliance image to your storage pool:
cd /home/yusername/vm-pool
18
Cisco Content Security Virtual Appliance Installation Guide
Deploy on KVM
tar xvf ~/asyncos-8-6-0-007-S100V.qcow2.tar.gz
Step 3 Install the virtual appliance:
virt-install \
--virt-type kvm \
--os-type=unix \
--os-variant=freebsd8 \
--name wsa-example \ (This name should be unique)
--ram 6144 \ (Use the value appropriate to your virtual appliance model)
--vcpus 2 \ (Use the value appropriate to your virtual appliance model)
--noreboot \
--import \
--disk
path=/home/username/vm-pool/asyncos-8-6-0-007-S100V.qcow2,format=qcow2,bus=virtio \
--disk path=/home/username/vm-pool/wsa.iso,bus=ide,device=cdrom \ (If you created an ISO
with the license and configuration file to load at startup)
--network type=direct,source=enp6s0.483,source_mode=vepa,model=virtio \
--network type=direct,source=enp6s0.484,source_mode=vepa,model=virtio \
--network type=direct,source=enp6s0.485,source_mode=vepa,model=virtio \
--network type=direct,source=enp6s0.486,source_mode=vepa,model=virtio \
--network type=direct,source=enp6s0.487,source_mode=vepa,model=virtio
Step 4 Start the virtual appliance:
virsh start wsa-example
Related Topics
Deploy on KVM, page 15
(Optional) Configure the Virtual Interface to Support High Availability
The high availability feature was introduced in AsyncOS 8.5 for Cisco Web Security Appliances and is
described in detail in the user guide and online help.
If your Web Security appliance will be added to a failover group for high availability, configure the
virtual interface to use promiscuous mode, in order to enable the appliances in the failover group to
communicate with each other using multicasting.
You can make this change at any time.
Step 1 On the host OS, find the macvtap interface associated with the interface with which the multicast traffic
will be associated.
Step 2 Set the macvtap interface to use promiscuous mode:
Enter on the host: ifconfig macvtapX promisc
Related Topics
Deploy on KVM, page 15
19
Cisco Content Security Virtual Appliance Installation Guide
Deploy on VMWare ESXi
Deploy on VMWare ESXi
(Optional) Clone the Virtual Appliance
If you will run multiple virtual security appliances in your environment:
Cisco recommends that you clone the virtual security appliance before you run it the first time.
Cloning a virtual security appliance after the license for the virtual appliance has been installed
forcefully expires the license. You will have to install the license again.
Action More Information
1. Review the Release Notes for your AsyncOS
release.
Release Notes are available from the locations in
Additional Information, page 30.
2. Download the virtual appliance image and MD5
hash from Cisco.
You will need the MD5 hash to check the data
integrity of the appliance image.
Prepare the Content Security Image and Files,
page 12.
3. Deploy the virtual appliance on your ESXi host or
cluster.
Deploy the Virtual Appliance, page 20.
4. (Optional) Clone the image if you want to run
multiple virtual appliances on your network.
(Optional) Clone the Virtual Appliance, page 19.
5. Prevent intermittent connectivity issues. Disable unused network interface cards (NICs) on
the virtual machine.
6. Configure synchronization on the virtual machine
to avoid random failures on your Cisco Content
Security virtual appliance.
Important! Prevent Random Failures, page 21
7. If DHCP is disabled, set up the appliance on your
network.
If DHCP Is Disabled, Set Up the Appliance on the
Network (VMware vSphere), page 22
8. Install the license file. Install the Virtual Appliance License File,
page 22.
9. Log into the web UI of your appliance and
configure the appliance software as you would do
for a physical appliance.
For example, you can:
Run the System Setup Wizard
Upload a configuration file
Manually configure features and
functionality.
For instructions on accessing and configuring
the appliance, including gathering required
information, see the online help or user guide
for your AsyncOS release, available from the
relevant location in Additional Information,
page 30.
To migrate settings from a physical appliance,
see the release notes for your AsyncOS
release.
Feature keys are not activated until you enable the
respective features.
10. Configure the appliance to send alerts when
license expiration nears.
See the online help or user guide for your
AsyncOS release, available from the relevant
location in Additional Information, page 30.
20
Cisco Content Security Virtual Appliance Installation Guide
Deploy on VMWare ESXi
You must shut down the virtual appliance before cloning it.
If you want to clone a virtual appliance that is already in use, see Clone a Virtual Appliance Already
in Use, page 24 for more information.
For instructions on cloning a virtual machine, see VMWare’s technical documentation at
http://www.vmware.com/support/ws55/doc/ws_clone.html.
Related Topics
Deploy on Microsoft Hyper-V, page 14
Deploy on KVM, page 15
Deploy on VMWare ESXi, page 19
Deploy the Virtual Appliance
Before You Begin
Set up the ESXi host or cluster on which you will deploy the virtual appliance. See System
Requirements, page 7 for more information.
Install the VMware vSphere Client on your local machine.
Download the image as described in Prepare the Content Security Image and Files, page 12.
Step 1 Unzip the .zip file for the virtual appliance in its own directory; e.g., C:\vESA\C100V or :\vWSA\S300V.
Step 2 Open the VMware vSphere Client on your local machine.
Step 3 Select the ESXi host or cluster to which you want to deploy the virtual appliance.
Step 4 Choose File > Deploy OVF template.
Step 5 Enter the path to the OVF file in the directory you created.
Step 6 Click Next.
Step 7 Complete the wizard.
Thin provisioning for disk storage is supported at the hypervisor layer. Disk space and performance
may be reduced if you select this option.
Note Except as explicitly stated in the AsyncOS documentation, modifications to the ESXi
configurations defined in the OVF are not supported.
Note Do not take backup (snapshot) of the virtual appliance using VMware or any other third-party tools, or
restore a virtual appliance from a snapshot. Alternatively, you can take backup of the configuration using
the System Administration > Configuration File menu in the user interface or using the saveconfig
CLI command. You can then load it on another spawned virtual appliance.
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30

Cisco Secure Web Appliance Installation guide

Type
Installation guide

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI